Hi,

By default, camel-jetty creates a new connector: it doesn't use the one provided by pax-web. If you want to "plug" into the pax-web jetty connector, you have to use camel-servlet.

camel-jetty fully creates a new jetty connector, so the TLS configuration has to be set on camel-jetty.

Regards
JB

On 03/02/2020 11:52, Gerald Kallas wrote:
> I tried this setting
>
> org.ops4j.pax.web.ssl.protocols.included = TLSv1.2
>
> in
>
> org.ops4j.pax.web.cfg.
>
> But this doesn't have any effect.
>
> Still the same, I'm getting in the log
>
> 2020-02-03T02:00:35,872 | INFO | Blueprint Event Dispatcher: 1 |
> JettyHttpComponent9 | 105 - org.apache.camel.camel-jetty - 3.0.1
> | Connector on port: 8443 is using includeCipherSuites: []
> excludeCipherSuites: [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$,
> ^.*_NULL_.*$, ^.*_anon_.*$] includeProtocols: [] excludeProtocols: [SSL,
> SSLv2, SSLv2Hello, SSLv3]
>
> Any idea where I can set the includeProtocols value?
>
> Best
> - Gerald
>
>> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 09:46:
>>
>>
>> Tested with cURL
>>
>> curl --insecure -v https://host:8443/say/hello
>> * Trying 10.0.0.147...
>> * TCP_NODELAY set
>> * Connected to host (10.0.0.147) port 8443 (#0)
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * successfully set certificate verify locations:
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> CApath: none
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> * TLSv1.3 (IN), TLS alert, handshake failure (552):
>> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>> * Closing connection 0
>> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
>> failure
>>
>> Seems that the fallback to TLSv1.2 isn't possible
>>
>> So, where is the place to enable TLSv1.2 for camel-jetty?
>>
>> Best
>> - Gerald
>>
>>
>>> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 09:00:
>>>
>>>
>>> Thanks JB,
>>>
>>> I did not install bouncycastle.
>>>
>>> I did install camel-jetty only as Karaf feature. The underpinning Jetty for
>>> the Karaf web console is working fine with HTTPS. So far I wonder what I'm
>>> still missing that camel-jetty could work also with HTTPS.
>>>
>>> Best
>>> - Gerald
>>>
>>>> Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 05:57:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> do you have bouncycastle installed?
>>>>
>>>> Regards
>>>> JB
>>>>
>>>> On 03/02/2020 00:29, Gerald Kallas wrote:
>>>>> Dear community,
>>>>>
>>>>> I'm going to access some camel-jetty driven consumer endpoints and
>>>>> getting a
>>>>>
>>>>> SSL_ERROR_NO_CYPHER_OVERLAP
>>>>>
>>>>> error. The web console nevertheless is working well.
>>>>>
>>>>> Any hints are appreciated.
>>>>>
>>>>> That's the jetty.xml section
>>>>>
>>>>> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>>>>>   <Set name="secureScheme">https</Set>
>>>>>   <Set name="securePort">
>>>>>     <Property name="jetty.secure.port" default="8443" />
>>>>>   </Set>
>>>>>   <Set name="outputBufferSize">32768</Set>
>>>>>   <Set name="requestHeaderSize">8192</Set>
>>>>>   <Set name="responseHeaderSize">8192</Set>
>>>>>   <Set name="sendServerVersion">true</Set>
>>>>>   <Set name="sendDateHeader">false</Set>
>>>>>   <Set name="headerCacheSize">512</Set>
>>>>> </New>
>>>>>
>>>>> P.S. I'm running
>>>>>
>>>>> openjdk version "1.8.0_242"
>>>>> OpenJDK Runtime Environment (build 1.8.0_242-b08)
>>>>> OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
>>>>> Karaf 4.2.7
>>>>> Camel 3.0.1
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>
>>>>
>>>> --
>>>> Jean-Baptiste Onofré
>>>> jbono...@apache.org
>>>> http://blog.nanthrax.net
>>>> Talend - http://www.talend.com

--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
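
Added example, not part of the original thread and not code from its participants: one way to put the TLS settings on the camel-jetty endpoint itself in a Blueprint file, using Camel's JSSE `sslContextParameters`. The bean id `jettySsl`, the keystore path, both passwords and the route body are placeholders assumed for illustration; the port and path are the ones from the cURL test quoted above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">

  <!-- TLS settings owned by camel-jetty; the pax-web configuration is not consulted.
       Keystore path and passwords are placeholders: replace them with your own. -->
  <sslContextParameters id="jettySsl"
                        xmlns="http://camel.apache.org/schema/blueprint">
    <!-- Server certificate and private key presented during the handshake -->
    <keyManagers keyPassword="KEY_PASSWORD_PLACEHOLDER">
      <keyStore resource="/path/to/keystore.jks"
                password="KEYSTORE_PASSWORD_PLACEHOLDER"/>
    </keyManagers>
    <!-- Explicit list of protocol versions the connector may negotiate -->
    <secureSocketProtocols>
      <secureSocketProtocol>TLSv1.2</secureSocketProtocol>
    </secureSocketProtocols>
  </sslContextParameters>

  <camelContext xmlns="http://camel.apache.org/schema/blueprint">
    <route>
      <!-- '#jettySsl' looks up the bean defined above in the registry -->
      <from uri="jetty:https://0.0.0.0:8443/say/hello?sslContextParameters=#jettySsl"/>
      <transform>
        <constant>hello</constant>
      </transform>
    </route>
  </camelContext>

</blueprint>
```

After redeploying, the `Connector on port: 8443 is using ...` log line and `curl -v` (without `--insecure` once the certificate is trusted by the client) show which protocols the connector now offers.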